Source-Changes-D archive


Re: CVS commit: src/external/bsd/blacklist/bin



In article <20200311023318.C6A7FFB28%cvs.NetBSD.org@localhost>,
Roy Marples <source-changes-d%NetBSD.org@localhost> wrote:
>
>Module Name:	src
>Committed By:	roy
>Date:		Wed Mar 11 02:33:18 UTC 2020
>
>Modified Files:
>	src/external/bsd/blacklist/bin: blacklistd.c
>
>Log Message:
>blacklist: Don't remove a ruleset if we have already added it
>
>The noted argument is wrong - if it's already been deleted then the id we
>have for it is invalid.
>Because we don't track deletions to the ruleset, working it out is
>problematic at best.
>
>Instead, if we have already added the rule treat it as a non-op.
>
>This is a valid use case because we might receive a burst of messages
>in the downstream application for the same address and process them
>one by one. It's not the job of the downstream application to track
>blacklistd state.

The comment was correct. You need to consider the case where someone
manually deleted the rule directly from the packet filter. The
database will think it is there, but now you'll never add it again.

christos


